Secunia

Microsoft said today that it is looking into a report of a critical vulnerability in Windows 7 that could be used to take over the computer if a user opened a malicious Web page using Apple's Safari browser.

"We are currently examining the issue and will take appropriate action to help ensure customers are protected," Jerry Bryant, group manager for Response communications of Microsoft's Trustworthy Computing Group, said in a statement to CNET.

A new report from security software provider Secunia shows that despite considerable security investments, the software industry at large is unable to produce software with substantially fewer vulnerabilities.

The latest data shows that Apple has surpassed Oracle and even Microsoft in accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities--not to how risky they are or how fast they get patched.

This analysis also supports the general perception that a high market share correlates with a high number of vulnerabilities--with Apple (maker of iTunes and QuickTime), Microsoft (Windows, Internet Explorer), …

There were a lot of high-profile updates in 2008, and the line between traditional software downloads and Web applications blurred significantly. The browser especially has become, for some people, the only program they need.

There were several standout new applications, though, and here are six of what I think are the best ones. They range from traditional Web browsers and browser hybrids to communication tools and utilities that should help you work faster and help maintain your system.

Google Chrome: The one application that is probably going to be on everybody's Nice list this year, Google Chrome unexpectedly redefined …

Not only does Secunia Personal Software Inspector provide extensive details on the software installed on your computer, it also gives you direct links to update programs that are older and potentially not secure.

The interface mixes professional layout with a text-heavy, spartan design. At the top right of the program window, users can choose a Simple or Advanced layout. Under Simple, Secunia provides basic information about the installed program statuses, with a chart to gauge their security over time and a simplified listing of any errors. Clicking on an error leads you through the proprietary Easy-to-Patch program update process, which …


The U.S. Computer Emergency Readiness Team has warned of a vulnerability in SAP GUI, the graphical user interface client in the German company's enterprise resource-planning software.

The unspecified flaw can cause Microsoft's Internet Explorer browser to crash in an exploitable manner. The flaw lies in an ActiveX control called MDrmSap, a component of SAP GUI.

US-CERT warned in an advisory, updated on Monday, that if users are fooled into viewing a specially crafted HTML document, external attackers might be able to gain control of their system, with their privileges.

Secunia's Online Software Inspector (OSI) is a great free service, one that all Windows users should avail themselves of regularly. OSI is an online scan of a Windows computer (Macs and Linux are not supported) that looks for software with known security flaws. Any computer that gets a clean bill of health from OSI is better defended than one that doesn't.

As I write this, only 7,019 scans have been run in the last 24 hours. More Windows users need to be made aware of the scanner, and I hope this posting does so. That said, OSI …

Update October 20, 2008 Noon EDT. According to Secunia they now detect version 10 of the Flash Player and they have corrected their FAQ. However, the most important issue, treating version 9 of the Flash Player as good rather than bad, has not changed.

Update October 20, 2008 9 PM EDT. An email from Secunia said they don't consider version 9,0,124,0 of the Flash Player to be bad because it is the latest edition of version 9 and because Adobe still supports version 9.

In researching assorted postings on this blog I've dealt with security firm Secunia and thus ended up on their mailing list. They sent a notice yesterday warning that QuickTime has a security problem and everyone should upgrade to the newest version. A new bug in QuickTime certainly comes as no shock.

But the email was about more than just QuickTime. Secunia said this latest fix was the "...fourth major security update during the last two days required to protect private PCs against criminal attacks ... Users of Skype, Adobe Reader, and Java also run a risk of falling victim …

Secunia says, "The security issue is caused due to the JRE processing external XML entity references even though the 'external general entities' property is set to FALSE. This can be exploited to e.g. access certain URLs or cause a DoS (denial of service) via malicious XML documents."